How to remove a cookie in Apache

Question

I need to remove a cookie from the HTTP request that gets to the server. Doing it on the client (that writes this cookie) or on the server (that reads it) is not an option.

Answer 1

You can manage specific cookies using following statements in apache reverse proxy configurations:

To remove any specific cookie you can use:
'Header add Set-Cookie "ANY_COOKIE='';expires='SOME_DATE_IN_PAST'; Max-Age=0; Path=COOKIE_PATH"'

By specifying past date, you tell the browser that the cookie has expired and browser will discard the cookie.

To add any cookie you can use:
'Header add Set-Cookie "ANY_COOKIE='ANY_VALUE';expires='SOME_FUTURE_DATE'; Path=COOKIE_PATH"'

Be sure that you specify the some future date. If you do not specify any date, the cookie will be treated as session cookie.

Try using the following to remove specific cookie from request:

'RequestHeader add Cookie "ANY_COOKIE='';expires='SOME_PAST_DATE'; Path=COOKIE_PATH"'